cookie加上HttpOnly属性

代码及用法如下：

<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
</head>

<%
'Response.Cookies("firstname")="jz1024"
'Response.Cookies.Path= "HTTPOnly"
'Response.Cookies("firstname").Secure ="true"

'**************************************************
'ASP 中输出httponly cookie IE6.0以上浏览器支持

'2021-11-01
'<meta http-equiv="Content-Type" content="text/html; charset=gb2312″>
'**************************************************
'―――-SetHttpOnlyCookie―――――――――――――-
'功能:设置HttpOnly Cookie
'参数:expDate 为保到期， 0表示不设置，设置为过去某一时间表示清除
'参数:domain 为空(string.Empty)表示不设置
'――――――――――――――――――――――-
Function SetHttpOnlyCookie(cookieName,cookieValue,domain,path,expDate)
Dim cookie
cookie=cookieName & "=" & Server.URLEncode(cookieValue) & "; path=" & path
If expDate <> 0 Then
cookie=cookie & "; expires=" & DateToGMT(expDate)
End If
If domain <> "" Then
cookie=cookie & "; domain=" & domain
End If
cookie=cookie & "; HttpOnly"
Call Response.AddHeader ("Set-Cookie", cookie)
End Function
'――――-getGMTTime――――
'参数: sDate 需要转换成GMT的时间
'―――――――――――
Function DateToGMT(sDate)
Dim dWeek,dMonth
Dim strZero,strZone
strZero="00"
strZone="+0800"
dWeek=Array("Sun","Mon","Tue","Wes","Thu","Fri","Sat")
dMonth=Array("Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec")
DateToGMT = dWeek(WeekDay(sDate)-1)&", "&Right(strZero&Day(sDate),2)&" "&dMonth(Month(sDate)-1)&" "&Year(sDate)&" "&Right(strZero&Hour(sDate),2)&":"&Right(strZero&Minute(sDate),2)&":"&Right(strZero&Second(sDate),2)&" "&strZone
End Function
'示例
Call SetHttpOnlyCookie("id","onlyValue","www.xiaoyebailong.com","/",0)
%>

如果想加Secure属性必须在https下才行！
看下面文章Cookie的Secure属性